McAfee Labs says the overwhelming majority of UK businesses fail to spot anything fishy about online phishing traps.
Phishing continues to be an effective tactic for infiltrating enterprise networks, with 79% of UK business people falling for phishing emails hook, line and sinker, according to a report from IT security specialist McAfee Labs.
Testing the ability of 18,000 business users globally to detect online scams, the McAfee Phishing Quiz discovered that 79% of the 1,755 UK participants failed to detect at least one of seven phishing emails. Furthermore, results showed that finance and HR departments, those holding some of the most sensitive corporate data, performed the worst at detecting scams.
Looking more closely at the UK’s performance in the McAfee Phishing Quiz:
· Only 7% of business users were able to identify whether a set of 10 emails were phishing emails or the real thing
· In almost every company surveyed, the accounting / finance and HR departments proved to be the least skilled in detecting phishing attempts, with accuracy rates of 64% and 62% respectively
· Research and Development (R&D) departments proved to be the strongest at detecting phishing emails with 77% accuracy, followed closely by those in IT at 73%
· R&D workers in the UK performed significantly better at detecting phishing emails (77%) than the rest of the world (average of 66%); R&D departments worldwide also scored lower than their counterparts in the UK, achieving an average of 69%
· By a wide margin, the results show that business users in the UK are more likely to fall for a phishing attempt if it uses a spoofed sender email address – more than any other tactic tested. 62% of business users fell for an attempt that used a legitimate-appearing email address from UPS; 52% for an email appearing to come from eFax
250,000 new phishing URLs
Since the last Threats Report, McAfee Labs has collected more than 250,000 new phishing URLs, leading to a total of nearly one million new sites in the past year. Not only did they see an increase in total volume, but also a significant rise in the sophistication of the phishing attacks occurring in the wild. Results showed both mass campaign phishing and spear phishing to still be rampant in the attack strategies used by cybercriminals around the world. Meanwhile, the United States continues to host more phishing URLs than any other country.
Raj Samani, EMEA CTO, McAfee, part of Intel Security, said: “As highlighted by our latest report, phishing continues to pose significant security risks for businesses and consumers alike. More worryingly, perhaps, is the lack of education around how to spot a phishing email amidst the many emails we’re sent on a daily basis. But phishing is only a small drop in the wider security threat landscape, which is ever-changing and increasingly complex. It’s no longer enough to react to threats as and when they happen.
“One of the greatest challenges we face today is upgrading the Internet’s core technologies in order to make sure we’re on the front foot rather than a step behind cybercriminals. Prevention is the way forward if we are to truly combat the array of threats we’re seeing appear on a daily basis.”
Findings also revealed new cybercrime opportunities since the public disclosure of the Heartbleed vulnerability, as stolen data from websites that remain vulnerable is still being sold on the black market. Lists of unpatched websites have quickly become hit lists for cybercriminals and tools are readily available to mine unpatched sites. With these tools, it is possible to tie together an automated system that targets known vulnerable machines and extracts sensitive information.